Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2015:1473-1

Опубликовано: 07 авг. 2015
Источник: suse-cvrf

Описание

Security update for subversion

subversion was updated to fix two security issues.

These security issues were fixed:

  • CVE-2015-3187: Information leak (only paths) that were hidden by path-based authz (bsc#939517).
  • CVE-2015-3184: Information leak in mixed anonymous/authenticated httpd (dav) configurations (bsc#939514).

Список пакетов

SUSE Linux Enterprise Software Development Kit 12
libsvn_auth_gnome_keyring-1-0-1.8.10-15.1
libsvn_auth_kwallet-1-0-1.8.10-15.1
subversion-1.8.10-15.1
subversion-bash-completion-1.8.10-15.1
subversion-devel-1.8.10-15.1
subversion-perl-1.8.10-15.1
subversion-python-1.8.10-15.1
subversion-server-1.8.10-15.1
subversion-tools-1.8.10-15.1

Описание

mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name.


Затронутые продукты
SUSE Linux Enterprise Software Development Kit 12:libsvn_auth_gnome_keyring-1-0-1.8.10-15.1
SUSE Linux Enterprise Software Development Kit 12:libsvn_auth_kwallet-1-0-1.8.10-15.1
SUSE Linux Enterprise Software Development Kit 12:subversion-1.8.10-15.1
SUSE Linux Enterprise Software Development Kit 12:subversion-bash-completion-1.8.10-15.1

Ссылки

Описание

The svn_repos_trace_node_locations function in Apache Subversion before 1.7.21 and 1.8.x before 1.8.14, when path-based authorization is used, allows remote authenticated users to obtain sensitive path information by reading the history of a node that has been moved from a hidden path.


Затронутые продукты
SUSE Linux Enterprise Software Development Kit 12:libsvn_auth_gnome_keyring-1-0-1.8.10-15.1
SUSE Linux Enterprise Software Development Kit 12:libsvn_auth_kwallet-1-0-1.8.10-15.1
SUSE Linux Enterprise Software Development Kit 12:subversion-1.8.10-15.1
SUSE Linux Enterprise Software Development Kit 12:subversion-bash-completion-1.8.10-15.1

Ссылки